[Snort-users] Using snort to monitor traffic

Frank frank at ...14116...
Mon Apr 30 18:34:28 EDT 2007


i have snort inline (freebsd, ipfw, postgres logging) set up on my router
to watch HTTP traffic. i would like to log in such a way that i can
determine the last time any IP sent HTTP. i don't want to log any content,
i just need the timestamps. i would prefer not to have to inspect the
content or to log every HTTP packet.

does snort seem like the proper tool for this job? i was going to use
squid, but that seemed like overkill as just a transparent, non-caching
proxy that logs to a flat file.

thanks,
frank



